Click here to Skip to main content
14,494,237 members
Rate this:
Please Sign up or sign in to vote.
See more: , +
Please help me to fix this

Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in C:\xampp\htdocs\webdua\pusing\xxx\proses.php:7 Stack trace: #0 {main} thrown in C:\xampp\htdocs\webdua\pusing\xxx\proses.php on line 7


<?php
	$username = $_POST['user'];
	$password = $_POST['pass'];

	$username = stripcslashes($username);
	$password = stripcslashes($password);
	$username = mysql_real_escape_string($username);
	$password = mysql_real_escape_string($password);

	mysql_connect("localhost", "root", "");
	mysql_select_db("masuk");

	$result = mysql_query("select * from pengguna where username = '$username' and password = '$password'")
				or die("failed to query ".mysql_error());
	$row = mysql_fetch_array($result);
	if ($row['username'] == $username && $row['password'] == $password){
		echo "Login sukses ".$row['username'];
	}else{
		echo "failed to login";
	}
?>


What I have tried:

well, i dont know how to fix this :(
Posted
Updated 25-Mar-20 12:14pm
Comments
Richard Deeming 26-Mar-20 7:52am
   
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]
Richard Deeming 26-Mar-20 7:52am
   
You're also storing passwords in plain text. Don't do that.
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

PHP even has built-in functions to help you do the right thing:
PHP: password_hash[^]
PHP: password_verify[^]

1 solution

Rate this:
Please Sign up or sign in to vote.

Solution 1

Use
mysqli_real_escape_string()
instead.

You should get used to do simple research like this one: simply typing the error (Call to undefined function mysql_real_escape_string()) in your favourite search engine would have brought you an immediate answer without having to wait for one of us in CP passing by and answering your question.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100